|
|
|
|
|
|
by itaibn
3482 days ago
|
|
|
Security hole: This could leak hash preimages that the user has in cache but are sensitive. Solution: Using a sha256="..." attribute should only allow you to access files that were initially loaded with a tag that has a sha256 attribute, and this attribute is only used for resources the developer considers public. |
|
|